Penetration Testing mailing list archives
RE: OWA configurations
From: "Justin Dearing" <justind () invision net>
Date: Fri, 10 Mar 2006 10:41:56 -0500
This form of authentication is a Microsoft proprietary extension to http that apparently uses some kind of challenge response it was called NTML but in IIS 6 was rebranded Integrated Windows Authentication. http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/I IS/523ae943-5e6a-4200-9103-9808baa00157.mspx The previous technote provides some information. It does not go into protocol implementation details but will give you a bit more info to know what to ask google. As to how to brute force test it, I would recommend getting a bute forcer that supports that protocol. -----Original Message----- From: Bryan Miller [mailto:BMiller () sycomtech com] Sent: Friday, March 10, 2006 9:30 AM To: pen-test () lists securityfocus com Subject: OWA configurations In doing pen tests against various configurations of OWA, I have seen two major flavors. One, you receive the standard authentication request for a username and password. In those cases if you have a specific domain you can prepend it to the domain name. Other times you see the request for a username, password and domain name as three separate inputs. In the second case can I prepend the domain name to the login name, or am I required to enter all 3 pieces of information separately? Am I correct in assuming that the choice of which form of authentication you receive is set by the administrator? If I have to enter all 3 pieces of information separately, does anyone know of a tool to do this? Brutus/Hydra....tried both and neither has the option of specifying the domain name as part of the brute force attempt. ------------------------------------------------------------------------ ------ This List Sponsored by: Cenzic Concerned about Web Application Security? As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com ------------------------------------------------------------------------ ------ ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com ------------------------------------------------------------------------------
Current thread:
- OWA configurations Bryan Miller (Mar 10)
- <Possible follow-ups>
- RE: OWA configurations Justin Dearing (Mar 10)
- RE: OWA configurations arian.evans (Mar 10)
- Re: OWA configurations Rogan Dawes (Mar 11)
- RE: OWA configurations arian.evans (Mar 10)
- Re: OWA configurations Mike Owen (Mar 10)
- SV: OWA configurations Bo Voigt (Mar 12)